Antivirus removes upload blocks. Trace blocks back to files?

Hi,

I encountered some weird behaviour on a client’s computer. Upload failed for some reason at some point. In the client logs I discovered some ‘file not found’ errors, which turned out to have been deleted by a virus scanner before.

The virus signature was from a very old MS Word exploit (cve-2006-2492).

For once from what I researched this is no longer dangerous as the bug has long been closed. The Antivir software does not detect anything in any Word-File itself. So I got curious about what happens there.

  • Is it possible that the blocks were created in a pattern that matches this virus sig without actually being hazardous?
  • Is there a way to trace back the blocks to the file they originate from to inspect that deeper?

Regards,
Tim

This is usually not a virus. Seafile splits files into blocks. The blocks sometimes may look like “virus” for the virus scanner. You can exclude the Seafile/seafile-data/ folder in your virus scanner.